Re: DANE vs WebPKI (was: WoSign/StartCom CA in the news, let's wind this thread down...)

2016-10-01 Thread Viktor Dukhovni
> On Oct 1, 2016, at 11:01 AM, li...@lazygranch.com wrote: > > On the latest "Security Now" podcast, Steve Gibson makes noises about > DNSSEC/DANE replacing certs, but not in detail. I think that this thread, which was only tenuously connected to Postfix in the first place, is no longer

Re: WoSign/StartCom CA in the news

2016-10-01 Thread lists
age   From: Alice Wonder Sent: Saturday, October 1, 2016 3:29 AM To: postfix-users@postfix.org Subject: Re: WoSign/StartCom CA in the news On 09/30/2016 06:52 AM, John @ KLaM wrote: > Yes, I understand DANE can be used for MTAs. My musing is could it > completely replace the existing CA mes

Re: WoSign/StartCom CA in the news

2016-10-01 Thread Alice Wonder
On 09/30/2016 06:52 AM, John @ KLaM wrote: Yes, I understand DANE can be used for MTAs. My musing is could it completely replace the existing CA mess, and I suppose the follow up is how? I do not see it as a replacement for the CA mess but rather as a form of 2-factor authentication.

Re: WoSign/StartCom CA in the news

2016-09-30 Thread John @ KLaM
Yes, I understand DANE can be used for MTAs. My musing is could it completely replace the existing CA mess, and I suppose the follow up is how? On September 30, 2016 09:12:30 wie...@porcupine.org (Wietse Venema) wrote: John: This may be way off topic, if so I apologise. Looking at the

Re: WoSign/StartCom CA in the news

2016-09-30 Thread Wietse Venema
John: > This may be way off topic, if so I apologise. > > Looking at the available CAs many of them do not seem to pass the > sniff test. WoSign/Startcom are not alone in being found to be > either incompetent or dishonest. Which made me wonder if there might be > an alternative to CA issued

Re: WoSign/StartCom CA in the news

2016-09-30 Thread /dev/rob0
On Fri, Sep 30, 2016 at 08:36:58AM -0400, John wrote: > This may be way off topic, if so I apologise. Not really, not much anyway. > Looking at the available CAs many of them do not seem to pass the > sniff test. WoSign/Startcom are not alone in being found to > be either incompetent or

Re: WoSign/StartCom CA in the news

2016-09-30 Thread John
This may be way off topic, if so I apologise. Looking at the available CAs many of them do not seem to pass the sniff test. WoSign/Startcom are not alone in being found to be either incompetent or dishonest. Which made me wonder if there might be an alternative to CA issued certs. Is there

Re: WoSign/StartCom CA in the news

2016-09-29 Thread lists
s internal control issues. Original Message From: Alice Wonder Sent: Thursday, September 29, 2016 8:35 PM To: postfix-users@postfix.org Subject: Re: WoSign/StartCom CA in the news On 09/28/2016 01:25 AM, li...@lazygranch.com wrote: > I don't want to take this thread off course, but sugges

Re: WoSign/StartCom CA in the news

2016-09-29 Thread Alice Wonder
On 09/28/2016 01:25 AM, li...@lazygranch.com wrote: I don't want to take this thread off course, but suggestions for low cost certs would be appreciated. I don't like how Let's Encrypt works, else that would be the obvious solution. Domain registration isn't free. Server time isn't free.

Re: WoSign/StartCom CA in the news

2016-09-28 Thread lists
16 8:11 AM To: postfix-users@postfix.org Subject: Re: WoSign/StartCom CA in the news On 9/28/2016 10:53 AM, KSB wrote: > On 2016.09.28. 17:47, Mike wrote: >> On 9/28/2016 4:55 AM, li...@lazygranch.com wrote: >>> CACert came up in my search. I will look into it. Suggestions always >

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Mike
On 9/28/2016 10:53 AM, KSB wrote: > On 2016.09.28. 17:47, Mike wrote: >> On 9/28/2016 4:55 AM, li...@lazygranch.com wrote: >>> CACert came up in my search. I will look into it. Suggestions always >>> appreciated since I'm quite comfortable with people out there knowing more >>> than me. >>> >>>

Re: WoSign/StartCom CA in the news

2016-09-28 Thread KSB
On 2016.09.28. 17:47, Mike wrote: On 9/28/2016 4:55 AM, li...@lazygranch.com wrote: CACert came up in my search. I will look into it. Suggestions always appreciated since I'm quite comfortable with people out there knowing more than me. I didn't like the Let's Encrypt 90 day deal with

Re: WoSign/StartCom CA in the news

2016-09-28 Thread /dev/rob0
On Wed, Sep 28, 2016 at 08:53:01AM +, Viktor Dukhovni wrote: > On Wed, Sep 28, 2016 at 01:25:42AM -0700, li...@lazygranch.com > wrote: > > > I don't want to take this thread off course, but suggestions for low > > cost certs would be appreciated. I don't like how Let's Encrypt > > works, else

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Mike
On 9/28/2016 4:55 AM, li...@lazygranch.com wrote: > CACert came up in my search. I will look into it. Suggestions always > appreciated since I'm quite comfortable with people out there knowing more > than me. > > I didn't like the Let's Encrypt 90 day deal with mysterious upload to your >

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Yuval Levy
On 16-09-28 04:55 AM, li...@lazygranch.com wrote: > I didn't like the Let's Encrypt 90 day deal with mysterious upload to your > server. While I do not like to grant root access to a third-party controlled process on my server, there are good alternatives and the only things that I upload to my

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Rene 'Renne' Bartsch, B.Sc. Informatics
My StartSSL-certs are valid until 4th of October. Luckily I switched to Let's Encrypt yesterday - with DANE, of course. ;-) Regards, Renne On 28.09.2016 at 00:29, Viktor Dukhovni wrote: > WoSign (who seemingly purchased StartCom) seem to have run into > some compliance issues as reported by

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Steve Atkins
n business, even if > it's dead already. > >> >> >> Original Message >> From: Sven Schwedas >> Sent: Wednesday, September 28, 2016 1:10 AM >> To: postfix-users@postfix.org >> Subject: Re: WoSign/StartCom CA in the news >> >> On 2016-09

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Ralph Seichter
On 28.09.2016 12:03, KSB wrote: > probably they will go down to 30 days as most admins learn to do > automation. I have read various LE posts regarding certificate lifetime, and while I agree that LE apparently favours automation, I don't think the matter has been decided yet. My personal (!)

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Allen Coates
On 28/09/16 09:51, Boris Behrens wrote: >> On 28.09.2016 at 10:25, li...@lazygranch.com wrote: >> >> I don't want to take this thread off course, but suggestions for low cost certs >> would be appreciated. I don't like how Let's Encrypt works, else that would >> be the obvious solution. >> >>

Re: WoSign/StartCom CA in the news

2016-09-28 Thread KSB
On 2016.09.28. 12:59, Ralph Seichter wrote: As for the "90 day deal": LE is still in ramp-up phase, so I expect the validity period to increase. Even with 90 days, it is worth using their certificates. In a DANE context, all you need to take care of is not automatically generating new keys with

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Ralph Seichter
On 28.09.2016 10:55, li...@lazygranch.com wrote: > I didn't like the Let's Encrypt 90 day deal with mysterious upload to > your server. It bugs me. Let's Encrypt does not upload anything to your server. You download an updated certificate, if and when you choose to. That process can be invoked

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Karol Augustin
On 28/09/16 09:25, li...@lazygranch.com wrote: I don't want to take this thread off course, but suggestions for low cost certs would be appreciated. I don't like how Let's Encrypt works, else that would be the obvious solution. When Symantec first announced that they would compete with Let's

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Viktor Dukhovni
On Wed, Sep 28, 2016 at 01:55:06AM -0700, li...@lazygranch.com wrote: > I didn't like the Let's Encrypt 90 day deal with mysterious upload to your > server. It bugs me. You're mistaken about how LE works. There is no remote control of your server, or any externally imposed update. They provide

Re: WoSign/StartCom CA in the news

2016-09-28 Thread lists
, 2016 1:34 AM To: li...@lazygranch.com; postfix-users@postfix.org Subject: Re: WoSign/StartCom CA in the news On 2016-09-28 10:25, li...@lazygranch.com wrote: > I don't want to take this thread off course, but suggestions for low cost certs > would be appreciated. I don't like how Let's Encrypt

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Viktor Dukhovni
On Wed, Sep 28, 2016 at 01:25:42AM -0700, li...@lazygranch.com wrote: > I don't want to take this thread off course, but suggestions for low cost > certs would be appreciated. I don't like how Let's Encrypt works, else > that would be the obvious solution. I am curious what you don't like about

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Boris Behrens
s > Sent: Wednesday, September 28, 2016 1:10 AM > To: postfix-users@postfix.org > Subject: Re: WoSign/StartCom CA in the news > > On 2016-09-28 00:31, Giovanni Harting wrote: >> Correct me if I'm wrong, but that document you describe issued by >> Mozilla and others, doesn

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Christian Kivalo
th Let's >Encrypt, I signed up with them. But it looks like their free cert >program is more like you need to recruit customers for them. > > >  Original Message   >From: Sven Schwedas >Sent: Wednesday, September 28, 2016 1:10 AM >To: postfix-users@postfix.org >Subject:

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Sven Schwedas
s more like > you need to recruit customers for them. Same with the others. Of course they want to stay in business, even if it's dead already. > > > Original Message > From: Sven Schwedas > Sent: Wednesday, September 28, 2016 1:10 AM > To: postfix-users@postfix.org > Subj

Re: WoSign/StartCom CA in the news

2016-09-28 Thread lists
. Original Message From: Sven Schwedas Sent: Wednesday, September 28, 2016 1:10 AM To: postfix-users@postfix.org Subject: Re: WoSign/StartCom CA in the news On 2016-09-28 00:31, Giovanni Harting wrote: > Correct me if I'm wrong, but that document you describe issued by > Mozilla and

Re: WoSign/StartCom CA in the news

2016-09-28 Thread Sven Schwedas
On 2016-09-28 00:31, Giovanni Harting wrote: > Correct me if I'm wrong, but that document you describe issued by > Mozilla and others, doesn't it state that it would only affect newly > issued certs after a certain date? Yes, but most StartSSL/WoSign certificates are only valid for a year or less.

Re: WoSign/StartCom CA in the news

2016-09-27 Thread Viktor Dukhovni
> On Sep 27, 2016, at 6:31 PM, Giovanni Harting <5...@idlegandalf.com> wrote: > > Correct me if I'm wrong, but that document you describe issued by Mozilla and > others, doesn't it state that it would only affect newly issued certs after a > certain date? Yes, quote: Taking into account

Re: WoSign/StartCom CA in the news

2016-09-27 Thread Giovanni Harting
Correct me if I'm wrong, but that document you describe issued by Mozilla and others, doesn't it state that it would only affect newly issued certs after a certain date? On 09/28/16 at 00:29, Viktor Dukhovni wrote: WoSign (who seemingly purchased StartCom) seem to have run into some

WoSign/StartCom CA in the news

2016-09-27 Thread Viktor Dukhovni
WoSign (who seemingly purchased StartCom) seem to have run into some compliance issues as reported by Firefox: http://arstechnica.com/security/2016/09/firefox-ready-to-block-certificate-authority-that-threatened-web-security/ Many SMTP servers are using certs from StartCom. In my DANE